ID
VAR-202512-4489
CVE
CVE-2025-64153
DESCRIPTION
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specific HTTP request.
Trust: 1.0
sources:
NVD: CVE-2025-64153
AFFECTED PRODUCTS
| vendor: | fortinet | model: | fortiextender | scope: | gte | version: | 7.4.0 | Trust: 1.0 |
| vendor: | fortinet | model: | fortiextender | scope: | lte | version: | 7.6.3 | Trust: 1.0 |
| vendor: | fortinet | model: | fortiextender | scope: | lte | version: | 7.4.7 | Trust: 1.0 |
| vendor: | fortinet | model: | fortiextender | scope: | gte | version: | 7.6.0 | Trust: 1.0 |
| vendor: | fortinet | model: | fortiextender | scope: | lte | version: | 7.2.5 | Trust: 1.0 |
| vendor: | fortinet | model: | fortiextender | scope: | gte | version: | 7.0.0 | Trust: 1.0 |
| vendor: | fortinet | model: | fortiextender | scope: | lte | version: | 7.0.4 | Trust: 1.0 |
| vendor: | fortinet | model: | fortiextender | scope: | gte | version: | 7.2.0 | Trust: 1.0 |
sources:
NVD: CVE-2025-64153
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||
|
|
sources:
NVD: CVE-2025-64153 //
NVD: CVE-2025-64153
PROBLEMTYPE DATA
| problemtype: | CWE-78 | Trust: 1.0 |
sources:
NVD: CVE-2025-64153
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-64153 | Trust: 1.0 |
sources:
NVD: CVE-2025-64153
REFERENCES
| url: | https://fortiguard.fortinet.com/psirt/fg-ir-25-739 | Trust: 1.0 |
sources:
NVD: CVE-2025-64153
SOURCES
| db: | NVD | id: | CVE-2025-64153 |
LAST UPDATE DATE
2026-01-15T23:26:36.659000+00:00
SOURCES UPDATE DATE
| db: | NVD | id: | CVE-2025-64153 | date: | 2025-12-09T21:25:28.153 |
SOURCES RELEASE DATE
| db: | NVD | id: | CVE-2025-64153 | date: | 2025-12-09T18:16:04.910 |